Sensitive security data may include, for example, personal data identifying the owner or manufacturer of an integrated circuit, keys, initials or derivatives, data encryption algorithms, etc. Such data may be produced or used, for example, by elements of an integrated circuit. As used herein, the term “element” is to be understood in the broad sense of the term. That is, this term may designate, for example, an identification circuit or cryptographic computation circuit of an integrated circuit, or simply a portion of one of these circuits. The term “element” also designates an instruction, a particular sequence of instructions, or a step of a process that is implemented by the integrated circuit and which, during its execution, leads to the production or use of sensitive data.
Known snooping techniques often take advantage of the changes undergone by a physical variable inherent to an integrated circuit that is measurable from outside the circuit. A variable of this kind may be, for example, the total energy consumption of the circuit or its electromagnetic radiation. In particular, to access sensitive data from outside the circuit, a snooper activates the operation of an element that produces or uses this sensitive data, measures a physical variable that is externally accessible, and searches for a correlation between this variable and the sensitive data.
One of the main difficulties for the snooper lies in the fact that the measurement of the variable is particularly difficult because it is generally noise-ridden. That is, the physical variable is produced by the entire integrated circuit and not solely by the element(s) producing or manipulating the sensitive data. The snooper then needs to have a large number of identical measurements at his disposal (e.g., about 2,000 to 20,000 measurements) to remove the noise from the measurement and extract the sensitive data.
To prevent such an attack, the user may take preventive action if an element producing or using the sensitive data is subjected to excessively frequent action. For example, he may disable the operation of the element, i.e., disable the operation of the circuit, portion of the circuit, instruction, or the particular series of instructions that produces or uses the sensitive data. The user may also act preventively by replacing the sensitive data element(s) with another data element(s), if this option is available, or modify the mechanism for producing this data.
For this purpose, the user must be able to know how many times the element producing or using the sensitive data has been used, or he must have at least an estimate of this number, to find out whether or not the element is being used wrongfully. He may deem this to be the case when the number of uses or the estimate of this number has reached a chosen value N, such as 1,000 or 10,000. The user may then take preventive action by blocking the operation of the integrated circuit, preventing the production or use of the sensitive data to be protected, or modifying the value of the sensitive data.
There are existing prior art approaches that generally use a counter to determine the number of productions or uses of the element using the sensitive data. However, one drawback of a counter is that a large memory cell may be needed to store the number. The surface and the consumption of the counter itself, as well as the time needed to program the counter, may also be significant, especially if the count is large. Furthermore, if the counter has a reset device, then this reset device is generally quite easily accessible from outside the circuit, allowing a snooper to then erase the contents of the counter.